information security cryptography part1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Information Security: Cryptography (part1) PowerPoint Presentation
Download Presentation
Information Security: Cryptography (part1)

Loading in 2 Seconds...

play fullscreen
1 / 36

Information Security: Cryptography (part1) - PowerPoint PPT Presentation


  • 119 Views
  • Uploaded on

Information Security: Cryptography (part1). Dr. Shahriar Bijani Shahed University. Slides References. Matt Bishop, Computer Security: Art and Science , the author homepage, 2002-2004. Addam Schroll , Cryptography , Purdue university.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Information Security: Cryptography (part1)' - finley


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
information security cryptography part1

Information Security:Cryptography (part1)

Dr. ShahriarBijani

Shahed University

slides references
Slides References
  • Matt Bishop, Computer Security: Art and Science, the author homepage, 2002-2004.
  • AddamSchroll, Cryptography, Purdue university.
  • Nikita Borisov, Cryptography, Illinois university, CS461, 2007.
definitions
Definitions
  • Cryptography = the science of encryption
  • Cryptanalysis = the science of breaking encryption
  • Cryptology = cryptography + cryptanalysis
definitions1
Definitions

Plaintext – A message in its natural format readable by an attacker

Ciphertext – Message altered to be unreadable by anyone except the intended recipients

Key – Sequence that controls the operation and behavior of the cryptographic algorithm

Keyspace– Total number of possible values of keys in a crypto algorithm

definitions2
Definitions

Initialization Vector – Random values used with ciphers to ensure no patterns are created during encryption

Cryptosystem – The combination of algorithm, key, and key management functions used to perform cryptographic operations

cryptosystem
Cryptosystem
  • Quintuple (E, D, M, K, C)
    • M set of plaintexts
    • K set of keys
    • C set of ciphertexts
    • E set of encryption functions e: M KC
    • D set of decryption functions d: C KM
cryptosystem services
Cryptosystem Services
  • Confidentiality
  • Integrity
  • Authenticity
  • Nonrepudiation
  • Access Control
types of cryptography
Types of Cryptography
  • Stream-based Ciphers
    • Mixes plaintext with key stream
    • Good for real-time services
  • Block Ciphers
    • Substitution and transposition
encryption systems
Encryption Systems
  • Substitution Cipher
    • Convert one letter to another
    • Cryptoquip
  • Transposition Cipher
    • Change position of letter in text
    • Word Jumble
  • Monoalphabetic Cipher
    • E.g. Caesar
encryption systems1
Encryption Systems
  • Polyalphabetic Cipher
    • E.g. Vigenère
  • Modular Mathematics
    • Running Key Cipher
  • One-time Pads
    • Randomly generated keys

10

steganography
Steganography
  • Hiding a message within another medium, such as an image
  • No key is required
  • Example
    • Modify color map of JPEG image
cryptographic methods
Cryptographic Methods
  • Symmetric
    • Known as Block Ciphers or Classical
    • Same key for encryption and decryption
    • Key distribution problem
  • Asymmetric
    • Mathematically related key pairs for encryption and decryption
    • Public and private keys
cryptographic methods1
Cryptographic Methods
  • Hybrid
    • Combines strengths of both methods
    • Asymmetric distributes symmetric key
      • Also known as a session key
    • Symmetric provides bulk encryption
    • Example:
      • SSL negotiates a hybrid method
symmetric algorithms block ciphers
Symmetric Algorithms (Block Ciphers)
  • DES / 3DES
  • AES
  • IDEA
  • Blowfish
  • RC4/ RC5
  • CAST
  • SAFER
  • Twofish

Plaintext

E

Ciphertext

Key

D

Plaintext

asymmetric algorithms
Asymmetric Algorithms
  • Diffie-Hellman
  • RSA
  • El Gamal
  • Elliptic Curve Cryptography (ECC)
hashing algorithms
Hashing Algorithms
  • MD5
    • Computes 128-bit hash value
    • Widely used for file integrity checking
  • SHA-1
    • Computes 160-bit hash value
    • NIST approved message digest algorithm
attacks
Attacks
  • Opponent whose goal is to break cryptosystem is the adversary
    • Assume adversary knows algorithm used, but not key
  • Three types of attacks:
    • Ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key
    • Known plaintext: adversary has ciphertext, Learn (or guess) part of the corresponding plaintext, decrypt the rest plaintext; goal is to find key
    • Chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key (or other messages)
basis for attacks
Basis for Attacks
  • Mathematical attacks
    • Based on analysis of underlying mathematics
  • Statistical attacks
    • Make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc.
      • Called models of the language
    • Examine ciphertext, correlate properties with the assumptions.
classical cryptography
Classical Cryptography
  • Sender, receiver share common key
    • Keys may be the same, or trivial to derive from one another
  • Two basic types
    • Transposition ciphers
    • Substitution ciphers
    • Combinations are called product ciphers
transposition cipher
Transposition Cipher
  • Rearrange letters in plaintext to produce ciphertext
  • Example: Rail-Fence Cipher
    • Plaintext is HELLO WORLD
    • Rearrange as

HLOOL

ELWRD

    • Ciphertext is HLOOL ELWRD
attacking the cipher
Attacking the Cipher
  • Anagramming
    • If 1-gram frequencies match English frequencies, but other n-gram frequencies do not, probably transposition
    • Rearrange letters to form n-grams with highest frequencies
example
Example
  • Ciphertext: HLOOLELWRD
  • Frequencies of 2-grams beginning with H
    • HE 0.0305
    • HO 0.0043
    • HL, HW, HR, HD < 0.0010
  • Frequencies of 2-grams ending in H
    • WH 0.0026
    • EH, LH, OH, RH, DH ≤ 0.0002
  • Implies E follows H
example1
Example
  • Arrange so the H and E are adjacent

HE

LL

OW

OR

LD

  • Read off across, then down, to get original plaintext!
substitution ciphers
Substitution Ciphers
  • Change characters in plaintext to produce ciphertext
  • Example: Caesar cipher
    • Plaintext is HELLO WORLD
    • Change each letter to the third letter following it (X goes to A, Y to B, Z to C)
      • Key is 3, usually written as letter ‘D’
    • Ciphertext is KHOOR ZRUOG
  • Each letter gets mapped to another letter
    • E.g. A -> E, B -> R, C -> Q, ...
  • What’s the key space?
    • 26!
caesar cipher
Caesar cipher
  • Historical Ciphers

K=3

Outer: plaintext

Inner: ciphertext

caesar cipher1
Caesar cipher
  • Formally
    • Encrypt(Letter, Key) = (Letter + Key) (mod 26)
    • Decrypt(Letter, Key) = (Letter - Key) (mod 26)
  • Encrypt(“NIKITA”, 3) = “QLNLWD”
  • Decrypt(“QLNLWD”, 3) = “NIKITA”
  • More Formally
    • M = { sequences of letters }
    • K = { i | i is an integer and 0 ≤ i ≤ 25 }
    • E = { Ek | kK and for all letters m,

Ek(m) = (m + k) mod 26 }

    • D = { Dk | kK and for all letters c,

Dk(c) = (26 + c – k) mod 26 }

    • C = M
attacks1
Attacks
  • Ciphertext only attack:
    • Recover plaintext knowing only the ciphertext
  • Ciphertext:
    • HSPAA SLRUV DSLKN LPZHK HUNLY VBZAO PUN
frequency analysis
Frequency analysis

HSPAA SLRUV DSLKN LPZHK HUNLY VBZAO PUN

  • Find most frequent letters
    • 4 times: L
    • 3 times: A, H, N, P, S, U
  • Guess: Decrypt(L) = E
    • Key = L-E = 7
    • Decrypt(HSPAA SLRUV DSLKN LPZHK HUNLY VBZAO PUN, 7) = ALITT LEKNO WLEDG EISAD ANGER OUSTH ING
brute force
Brute force
  • Ciphertext = IGKYGXOYOTYKIAXK
    • Decrypt(IGKYGXOYOTYKIAXK, 1) = HFJXFWNXNSXJHZWJ
    • Decrypt(IGKYGXOYOTYKIAXK, 2) = GEIWEVMWMRWIGYVI
    • Decrypt(IGKYGXOYOTYKIAXK, 3) = FDHVDULVLQVHFXUH
    • Decrypt(IGKYGXOYOTYKIAXK, 4) = ECGUCTKUKPUGEWTG
    • Decrypt(IGKYGXOYOTYKIAXK, 5) = DBFTBSJTJOTFDVSF
    • Decrypt(IGKYGXOYOTYKIAXK, 6) = CAESARISINSECURE
attacking the cipher1
Attacking the Cipher
  • Exhaustive search
    • If the key space is small enough, try all possible keys until you find the right one
    • Caesar cipher has 26 possible keys
  • Statistical analysis
    • Compare to 1-gram model of English
statistical attack
Statistical Attack
  • Compute frequency of each letter in ciphertext:

G 0.1 H 0.1 K 0.1 O 0.3

R 0.2 U 0.1 Z 0.1

  • Apply 1-gram model of English
    • Frequency of characters (1-grams) in English is on next slide
statistical analysis
Statistical Analysis
  • f(c) frequency of character c in ciphertext
  • (i) correlation of frequency of letters in ciphertext with corresponding letters in English, assuming key is i
    • (i) = 0 ≤ c ≤ 25f(c)p(c – i) so here,

(i) = 0.1p(6 – i) + 0.1p(7 – i) + 0.1p(10 – i) + 0.3p(14 – i) + 0.2p(17 – i) + 0.1p(20 – i) + 0.1p(25 – i)

      • p(x) is frequency of character x in English
the result
The Result
  • Most probable keys, based on :
    • i = 6, (i) = 0.0660
      • plaintext EBIIL TLOLA
    • i = 10, (i) = 0.0635
      • plaintext AXEEH PHKEW
    • i = 3, (i) = 0.0575
      • plaintext HELLO WORLD
    • i = 14, (i) = 0.0535
      • plaintext WTAAD LDGAS
  • Only English phrase is for i = 3
    • That’s the key (3 or ‘D’)
caesar s problem
Caesar’s Problem
  • Key is too short
    • Can be found by exhaustive search
    • Statistical frequencies not concealed well
      • They look too much like regular English letters
  • So make it longer
    • Multiple letters in key
    • Idea is to smooth the statistical frequencies to make cryptanalysis harder